CVE-2018-7334
https://notcve.org/view.php?id=CVE-2018-7334
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector could crash. This was addressed in epan/dissectors/packet-umts_mac.c by rejecting a certain reserved value. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, el disector UMTS MAC podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-umts_mac.c rechazando cierto valor reservado. • http://www.securityfocus.com/bid/103162 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14339 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=8ed705e1227d3d582e3f0de435bba606d053d686 https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html https://www.debian.org/security/2018/dsa-4217 https://www.wireshark.org/security/wnpa-sec-2018-07.html •
CVE-2018-7325
https://notcve.org/view.php?id=CVE-2018-7325
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-rpki-rtr.c tenía un bucle infinito que se abordó validando un campo length. • http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7be234d06ea39ab6a88115ae41d71060f1f15e3c https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-06.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-7337
https://notcve.org/view.php?id=CVE-2018-7337
In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. This was addressed in plugins/docsis/packet-docsis.c by removing the recursive algorithm that had been used for concatenated PDUs. En Wireshark desde la versión 2.4.0 hasta la 2.4.4, el disector de protocolo DOCSIS podría cerrarse inesperadamente. Esto se trató en plugins/docsis/packet-docsis.c eliminando el algoritmo recursivo que se había estado empleando para los PDU concatenados. • http://www.securityfocus.com/bid/103164 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=511a8b0b546d25413e289dc5a7d3a455a33994c2 https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html https://www.wireshark.org/security/wnpa-sec-2018-08.html •
CVE-2018-7417
https://notcve.org/view.php?id=CVE-2018-7417
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector could crash. This was addressed in epan/dissectors/packet-ipmi-picmg.c by adding support for crafted packets that lack an IPMI header. En Wireshark 2.2.0 a 2.2.12 y 2.4.0 a 2.4.4, el disector IPMI podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-ipmi-picmg.c añadiendo soporte a paquetes manipulados que carecen de cabecera IPMI. • http://www.securityfocus.com/bid/103156 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14409 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=81216a176b25dd8a616e11808a951e141a467009 https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-12.html •
CVE-2018-7323
https://notcve.org/view.php?id=CVE-2018-7323
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-wccp.c had a large loop that was addressed by ensuring that a calculated length was monotonically increasing. En Wireshark 2.4.0 a 2.4.4 y 2.2.0 a 2.2.12, epan/dissectors/packet-wccp.c tenía un gran bucle que se abordó asegurando que una longitud calculada se incrementaba repetitivamente. • http://www.securityfocus.com/bid/103158 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14412 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4f9199ea8cff56c6704e9828c3d80360b27c4565 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=5d45b69b590cabc5127282d1ade3bca1598e5f5c https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html https://www.wireshark.org/security/wnpa-sec-2018-06.html • CWE-834: Excessive Iteration •